CVE-2026-44431 Overview
CVE-2026-44431 is an information disclosure vulnerability in urllib3, a widely used HTTP client library for Python. The flaw affects versions from 1.23 up to but not including 2.7.0. When applications use the low-level ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) API, urllib3 follows cross-origin redirects but fails to strip sensitive headers such as Authorization and Cookie. Attackers controlling a redirect target can capture credentials intended for the original host. The maintainers fixed the issue in urllib3 2.7.0. This weakness is tracked under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
Critical Impact
Sensitive HTTP headers, including authentication tokens and session cookies, can leak to attacker-controlled hosts during cross-origin redirects when using the low-level ProxyManager API.
Affected Products
- Python urllib3 versions 1.23 through 2.6.x
- Applications using ProxyManager.connection_from_url().urlopen() with assert_same_host=False
- Downstream Python packages depending on vulnerable urllib3 releases
Discovery Timeline
- 2026-05-13 - CVE-2026-44431 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2026-44431
Vulnerability Analysis
The vulnerability resides in urllib3's redirect handling logic for proxied connections. When a request issued through the low-level ProxyManager API receives an HTTP 3xx response, the library follows the redirect to the new Location URL. urllib3 normally strips sensitive headers when a redirect crosses origins. That stripping logic is bypassed when callers invoke ProxyManager.connection_from_url().urlopen() with assert_same_host=False.
The result is that headers such as Authorization, Proxy-Authorization, and Cookie continue to be sent to the redirected host even when the scheme, host, or port differs from the original target. An attacker who can influence a redirect response, for example through a compromised upstream service, a malicious mirror, or a same-host endpoint that issues a 302, can harvest credentials destined for an unrelated origin.
Root Cause
The assert_same_host=False code path on the low-level connection object skips the same-origin check that gates header redaction. Because the safety control is colocated with the host assertion rather than executed independently, disabling host verification also disables header sanitization on cross-origin redirects.
Attack Vector
Exploitation requires that a target Python application uses the affected low-level API pattern and issues requests carrying sensitive headers. The attacker must control or compromise a server that the application contacts, then return a 3xx redirect pointing at an attacker-controlled origin. urllib3 forwards the original Authorization or Cookie headers to the new host, where the attacker captures them. No user interaction is required, and the attack works over the network.
No public proof-of-concept exploit is currently available. Refer to the GitHub Security Advisory GHSA-qccp-gfcp-xxvc for additional technical detail.
Detection Methods for CVE-2026-44431
Indicators of Compromise
- Outbound HTTPS requests from Python services that carry Authorization or Cookie headers to unexpected external hosts following a 3xx response.
- Proxy or egress logs showing redirect chains from trusted API endpoints to unrelated domains.
- Authentication anomalies on third-party services indicating credential reuse from unknown origins.
Detection Strategies
- Inventory installed Python packages and flag any environment with urllib3 versions between 1.23 and 2.6.x using pip list or SBOM tooling.
- Perform static analysis on application code for calls to ProxyManager.connection_from_url().urlopen() combined with assert_same_host=False.
- Correlate egress proxy logs to identify HTTP redirects that cross host boundaries while carrying authentication headers.
Monitoring Recommendations
- Monitor dependency manifests (requirements.txt, Pipfile.lock, poetry.lock) in CI for pinned vulnerable urllib3 versions.
- Alert on outbound connections from application workloads to domains outside the approved API allowlist.
- Track token and session-cookie reuse patterns across identity providers to detect credential leakage.
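The version inventory and static-analysis checks in the Detection Strategies list, and the dependency-manifest check in the Monitoring Recommendations, can be scripted in a few dozen lines. The following is an added example written for this page, not urllib3's own tooling or anything from the advisory: it flags exact urllib3 pins in requirements.txt-style text that fall in the affected range (1.23 <= version < 2.7.0), and walks a Python source file's AST for any `.urlopen(...)` call passing the literal `assert_same_host=False`. The requirements text and source snippet embedded at the bottom are constructed samples; the proxy and API host names in them are placeholders.

```python
"""Scan for CVE-2026-44431 exposure: vulnerable urllib3 pins and the low-level
urlopen(..., assert_same_host=False) call pattern. Added example, not urllib3 code."""
import ast
import re
from typing import List, Tuple

# Affected range stated in the advisory: 1.23 <= version < 2.7.0
AFFECTED_LOW = (1, 23, 0, 0)
FIXED = (2, 7, 0, 0)


def _version_key(version: str) -> Tuple[int, int, int, int]:
    """Map '1.26.18' or '2.7.0rc1' to a comparable tuple. Only the first three
    numeric components matter for this range; a pre-release suffix sorts just
    below its final release, so '2.7.0rc1' is still flagged (conservatively)."""
    parts: List[int] = []
    prerelease = False
    for segment in version.strip().split(".")[:3]:
        m = re.match(r"(\d+)(.*)", segment)
        if not m:
            raise ValueError(f"unparseable urllib3 version: {version!r}")
        parts.append(int(m.group(1)))
        if m.group(2):          # e.g. 'rc1', 'a2', 'b1', 'dev0'
            prerelease = True
            break
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2], -1 if prerelease else 0)


def is_affected_version(version: str) -> bool:
    """True when an installed or pinned urllib3 version is in the vulnerable range."""
    return AFFECTED_LOW <= _version_key(version) < FIXED


PIN_RE = re.compile(r"^\s*urllib3\s*==\s*([0-9][^\s;#]*)", re.IGNORECASE)


def affected_pins(requirements_text: str) -> List[Tuple[int, str]]:
    """(line number, version) for every exact urllib3 pin in requirements.txt-style
    text that falls in the affected range. Range specifiers such as 'urllib3>=1.26'
    are not resolved here; check the lock file or `pip list` output for those."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = PIN_RE.match(line)
        if m and is_affected_version(m.group(1)):
            hits.append((lineno, m.group(1)))
    return hits


def find_unsafe_urlopen_calls(source: str) -> List[Tuple[int, str]]:
    """(line number, call text) for every `<expr>.urlopen(...)` call that passes the
    literal keyword assert_same_host=False. Any receiver is matched, so the chained
    ProxyManager.connection_from_url(...).urlopen(...) pattern is caught as well."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if not (isinstance(node.func, ast.Attribute) and node.func.attr == "urlopen"):
            continue
        for kw in node.keywords:
            if (kw.arg == "assert_same_host"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                text = ast.get_source_segment(source, node) or "urlopen(...)"
                findings.append((node.lineno, text))
    return findings


# Constructed sample inputs for a stand-alone run; not taken from any real project.
SAMPLE_REQUIREMENTS = """requests==2.31.0
urllib3==1.26.18   # pinned long ago
certifi==2024.2.2
"""

# HDRS is deliberately undefined: this text is only parsed, never executed.
SAMPLE_SOURCE = """import urllib3
pm = urllib3.ProxyManager("http://proxy.internal.example:3128")
conn = pm.connection_from_url("https://api.example.com")
r1 = conn.urlopen("GET", "https://api.example.com/v1", headers=HDRS, assert_same_host=False)
r2 = pm.urlopen("GET", "https://api.example.com/v1", headers=HDRS)
r3 = conn.urlopen("GET", "/v1", headers=HDRS)
"""

if __name__ == "__main__":
    for lineno, ver in affected_pins(SAMPLE_REQUIREMENTS):
        print(f"requirements line {lineno}: urllib3=={ver} is affected; upgrade to >=2.7.0")
    for lineno, call in find_unsafe_urlopen_calls(SAMPLE_SOURCE):
        print(f"source line {lineno}: {call}")
```

Only the line-4 call in the sample is reported: `pm.urlopen(...)` goes through the PoolManager path and the third call never sets the flag. The AST check catches the literal keyword only, so a value passed through a variable or a wrapper function still needs a manual review.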
How to Mitigate CVE-2026-44431
Immediate Actions Required
- Upgrade urllib3 to version 2.7.0 or later across all Python environments and container images.
- Audit application source code for uses of ProxyManager.connection_from_url() with assert_same_host=False and refactor where possible.
- Rotate any credentials, API tokens, or session cookies that may have transited a vulnerable redirect path.
Patch Information
The urllib3 maintainers fixed CVE-2026-44431 in urllib3 2.7.0. The fix ensures sensitive headers are stripped on cross-origin redirects regardless of the assert_same_host flag. See the GitHub Security Advisory GHSA-qccp-gfcp-xxvc for upstream patch details.
Workarounds
- Avoid passing assert_same_host=False to the low-level urlopen() API until the upgrade is complete.
- Disable automatic redirect following by setting redirect=False and handle 3xx responses explicitly, validating the new host before resending sensitive headers.
- Route outbound HTTP traffic through an egress proxy that enforces a domain allowlist to limit exposure of leaked credentials.
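The second workaround, redirect=False with explicit 3xx handling, is shown below as an added example written for this page; it is not urllib3's own redirect code or anything from the advisory. The request is issued through a PoolManager/ProxyManager-style `urlopen(method, url, headers=, redirect=False)` and each hop's header set is recomputed from a scheme/host/port comparison, so Authorization, Proxy-Authorization and Cookie are dropped the moment a redirect leaves the original origin. The `_ScriptedManager` and `_ScriptedResponse` classes are stand-ins constructed so the demo runs offline; they mimic only the `.status` and `.get_redirect_location()` surface of urllib3's response object, and the hostnames and token in `demo()` are placeholders.

```python
"""Manual redirect handling that re-decides the header set at every hop, so that
Authorization, Proxy-Authorization and Cookie never cross an origin boundary.
Added example for the redirect=False workaround; not urllib3's own code."""
from typing import Dict, List, Mapping, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# The three header names the advisory identifies; matched case-insensitively.
SENSITIVE_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def origin_of(url: str) -> Tuple[str, str, int]:
    """(scheme, host, port) with the default port filled in, so that
    https://api.example.com and https://api.example.com:443 are the same origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme, -1)
    return scheme, host, port


def headers_for_redirect(current_url: str, next_url: str,
                         headers: Mapping[str, str]) -> Dict[str, str]:
    """Headers that may accompany the hop from current_url to next_url: everything
    for a same-origin hop, everything except SENSITIVE_HEADERS otherwise."""
    if origin_of(current_url) == origin_of(next_url):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() not in SENSITIVE_HEADERS}


def urlopen_following_redirects(manager, method: str, url: str, headers: Mapping[str, str],
                                max_redirects: int = 5):
    """Send the request with redirect=False and follow 3xx responses by hand.
    `manager` is a urllib3 PoolManager/ProxyManager (anything whose urlopen accepts
    method, url, headers=, redirect=) whose responses expose .status and
    .get_redirect_location(). Returns (final response, hops); each hop records the
    URL requested and the sorted header names that were sent to it."""
    current_url, current_headers = url, dict(headers)
    hops: List[Tuple[str, List[str]]] = []
    for _ in range(max_redirects + 1):
        resp = manager.urlopen(method, current_url, headers=current_headers, redirect=False)
        hops.append((current_url, sorted(current_headers)))
        location = resp.get_redirect_location()   # False when not a redirect
        if not location:
            return resp, hops
        next_url = urljoin(current_url, location)  # Location may be relative
        if resp.status == 303:                     # 303 See Other always becomes GET
            method = "GET"
        current_headers = headers_for_redirect(current_url, next_url, current_headers)
        current_url = next_url
    raise RuntimeError(f"gave up after {max_redirects} redirects")


class _ScriptedResponse:
    """Minimal stand-in for urllib3's response object; constructed for the demo."""
    def __init__(self, status: int, location: Optional[str] = None):
        self.status, self._location = status, location

    def get_redirect_location(self):
        return self._location if self.status in REDIRECT_STATUSES else False


class _ScriptedManager:
    """Stand-in for a PoolManager that returns canned responses and records the
    headers each URL received; constructed for the demo, no network involved."""
    def __init__(self, script: Mapping[str, _ScriptedResponse]):
        self.script, self.seen = dict(script), []

    def urlopen(self, method, url, headers=None, redirect=True, **kw):
        self.seen.append((url, dict(headers or {})))
        return self.script[url]


def demo() -> List[Tuple[str, List[str]]]:
    """Same-origin hop keeps the token; the hop to files.example.net drops it."""
    manager = _ScriptedManager({
        "https://api.example.com/v1/report": _ScriptedResponse(302, "/v1/report/"),
        "https://api.example.com/v1/report/": _ScriptedResponse(302, "https://files.example.net/dl?id=1"),
        "https://files.example.net/dl?id=1": _ScriptedResponse(200),
    })
    headers = {"Authorization": "Bearer placeholder-token", "Cookie": "session=abc",
               "User-Agent": "demo/1.0"}
    resp, hops = urlopen_following_redirects(manager, "GET", "https://api.example.com/v1/report", headers)
    assert resp.status == 200
    return hops


if __name__ == "__main__":
    for url, sent in demo():
        print(url, "<-", ", ".join(sent))
```

Origins are compared on scheme, host and port together, so an https-to-http downgrade or a port change on the same hostname also strips the credentials, matching the "scheme, host, or port differs" condition in the analysis above. Because the manager is never asked to follow redirects itself, the `assert_same_host` flag is not passed at all, which is also the first workaround in the list.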
# Upgrade urllib3 to the patched release
pip install --upgrade 'urllib3>=2.7.0'
# Verify the installed version
python -c "import urllib3; print(urllib3.__version__)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.